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(54) DATA CIPHERING AND STORING METHOD AND SYSTEM DEVICE 

(57)Abstract 

PROBLEM TO BE SOLVED: To provide the data ciphering and 
storing method and system device which can prudentially manage 
ciphered data stored in an external storage device by using a 
computer card. 

SOLUTION: Under the control of a control part 33, plaintext data 
Xa and Xb are ciphered sequentially by using a ciphering key Ka 
stored in a ciphering and deciphering key storage part 35 to 
generate corresponding ciphered data Ya and Yb in a process of 
transfer of the plaintext Xa and Xb expanded in the main storage 
device of an information terminal device to the external storage 
device 12. In a process of transfer of ciphered data Ya and Yb |~ 
written temporarily in the external storage device 12 to the 
information processor 11, the ciphered data Ya and Yb are 
deciphered sequentially by using a deciphering key Kb stored in the 
ciphering and deciphering key storage part 35 to restore the 
original plaintext data Xa and Xb by a ciphering process part 34, 
which is constituted in a small-sized, lightweight computer card 13 
having an authenticating function of the user individual. 
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* NOTICES * 

JPO and I MP IT are not responsible for any 
damages caused by the use of this translation. 

1 .This document has been translated by computer. So the translation may not reflect the original precisely. 

2.**** shows the word which can not be translated. 
3.1n the drawings, any words are not translated. 



CLAIMS 



[Claim(s)] 

[Claim 1]On the occasion of preservation of plaintext data developed by main memory unit of information 
terminal equipment, according to predetermined configuration, set a preservation destination of the 
plaintext data concerned as an external storage, and this is changed into an accessible state, When saving 
said plaintext data at an external storage which it changed into the accessible state concerned, In a 
process in which the plaintext data is transmitted to said external storage, encryption processing is 
sequentially performed to the plaintext data concerned using an enciphering key which uses a 
predetermined cryptographic algorithm and its data encryption function, While writing encryption data 
generated by this encryption processing corresponding to said plaintext data in said external storage, When 
reading said encryption data once written in an external storage which it changed into the accessible state 
concerned, In a process in which the encryption data is transmitted to said information terminal equipment, 
decoding processing is sequentially performed to the encryption data concerned using a decode key which 
uses said predetermined cryptographic algorithm and its data decryption function, A data encryption 
preserving method characterized by what plaintext data of origin restored by this decoding processing is 
developed for to a main memory unit of said information terminal equipment. 

[Claim 2]It replaces with said decode key which uses said enciphering key and a data decryption function 
to use a data encryption function of said predetermined cryptographic algorithm, The data encryption 
preserving method according to claim 1 characterized by what encryption processing of said plaintext data 
and decoding processing of said encryption data are performed for using a single common key which uses 
each function both. 

[Claim 3]When writing said encryption data in said external storage, and when reading said encryption data 
from said external storage, The data encryption preserving method according to claim 1 or 2 characterized 
by what necessary interface converting according to interface form of said external storage is performed 
for to the encryption data concerned. 

[Claim 4]The data encryption preserving method according to claim 3 characterized by what said 
predetermined interface converting is performed for according to the SCSI form concerned as said external 
storage using what adopted SCSI form. 

[Claim 5jInformation terminal equipment possessing a card slot. 

An external storage in which access by this information terminal equipment is possible. 

A possible computer card of using it, equipping a card slot of said information terminal equipment, and it 

being used for it, carrying out cable connection to said external storage, and performing data transfer 

mutually between a main memory unit of the information terminal equipment concerned, and said external 

storage. 

A right-to-access setting-out means for it to have, and for it to be constituted, and for said computer card 
concerned to set up the right to access to said external storage, and to make said information terminal 

equipment recognize this. 

A data encryption function and a data decr/ption function. 

When saving plaintext data which is the data encryption preservation system unit provided with the above, 
and was developed by main memory unit of said information terminal equipment at said external storage, 
the plaintext data in a process transmitted to said external storage. Encryption processing is sequentially 
performed to the plaintext data concerned, using said cryptographic algorithm memorized by said 

f i if algorithm memory measure and said enciphering key accumulated in said key accumulation 
means, In the state where the right to access concerned was set up by encryption processing means to 
:reat< jryption data corresponding to said plaintext data, and said right-to-access setting-., it me; 
A" e reading said encryption data once written in said external storage, the encryption data in a process 
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transmitted to said information terminal equipment. Decoding processing is sequentially performed to the 
encryption data concerned, using said cryptographic algorithm memorized by said cryptographic algorithm 
memory measure and said decode key accumulated in said key accumulation means, and it has a decode 
processing means which restores the original plaintext data. 

[Claim 6]Said key accumulation means is what accumulates a single common key which uses both data 
encryption functions and data decryption functions of said cryptographic algorithm that were memorized by 
said cryptographic algorithm memory measure, The data encryption preservation system unit according to 
claim 5 characterized by what said encryption processing means and said decode processing means are 
what performs encryption processing of said plaintext data and decoding processing of said encryption data 
using said common key accumulated in the key accumulation means concerned, respectively. 
[Claim 7]The data encryption preservation system unit according to claim 5 or 6 characterized by what 
functional constitution of said cryptographic algorithm memory measure which constitutes said computer 
card, said key accumulation means, said encryption processing means, and said decode processing means 
is carried out by one chip element, and is changed. 

[Claim 8]The data encryption preservation system unit according to claim 5, 6, or 7 characterized by what 
is been a thing which said right-to-access setting-out means sets [ thing ] up the right to access 
concerned automatically by wearing of said computer card to a card slot of said information terminal 
equipment, and makes said information terminal equipment recognize this. 

[Claim 9]When writing said encryption data in said external storage by said encryption processing means, 
And when reading said encryption data from said external storage by said decode processing means, The 
data encryption preservation system unit according to claim 5, 6, 7, or 8 characterized by what it has 
further an interface converting means to perform necessary interface converting according to interface 
form of said external storage for. 

[Claim 10]The data encryption preservation system unit according to claim 9 which SCSI form is used for 
said external storage, and is characterized by what said interface converting means is what performs said 
necessary interface converting according to the SCSI form concerned. 



[Translation done.] 
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♦ NOTICES * 

JPO and INPIT are not responsible for any 
damages caused by the use of this translation. 

1 .This document has been translated by computer. So the translation may not reflect the original precisely. 

2.**** shows the word which can not be translated. 
3.1n the drawings, any words are not translated. 



DETAILED DESCRIPTION 



[Detailed Description of the Invention] 
[0001] 

[Field of the Invention]This invention about a data encryption preserving method and a system unit in 
detail, When saving the plaintext data created in information terminal equipment, such as a personal 
computer, at external storages, such as a hard disk drive, When developing the encryption data which 
enciphered plaintext data in the process of the transmission, and was saved by this at the external storage 
to the main memory unit of information terminal equipment, It is involved in the data encryption preserving 
method which decoded encryption data in the process of the transmission, and the data encryption 
preservation system unit directly used for the operation. 
[0002] 

[Description of the Prior Art]When it is going to encipher and save the plaintext data which generally 
comprises the document etc. which were drawn up in information terminal equipment, such as a personal 
computer, for the security, in the former. Based on processing of the application software for document 
preparation, the plaintext data after creation in the state where the main memory unit developed, It once 
saves and (namely, usual processing at the time of closing a document) ranks second to data files, such as 
an internal hard disk, with a gestalt as it is, It is made to perform processing for necessary encryption to 
the plaintext data in the state where it was saved at the data file concerned based on processing of the 
application software for cipher processing. 

[0003]In enciphering and saving plaintext data first as shown in drawing 4 if it explains briefly per 
processing of the application software for the cipher processing, The data once saved at the data file 1 is 
read (ST1), The data form is checked (ST2), when it is plaintext data (plaintext data which is trying to 
encipher), processing for necessary encryption is performed (ST3) and the encryption data obtained by this 
is written in the data file 1 (ST4). 

[0004]In order to use again the encryption data once saved by the above processing at the data file 1 on 
the application software for document preparation, Since it is necessary to save again at the data file 1 
and to develop this to the main memory unit of information terminal equipment further after reading this 
from the data file 1 and decoding it, When the data form checked in processing of above-mentioned ST2 is 
encryption data (encryption data which is trying to decode), After performing processing for necessary 
decoding in processing of ST3, the plaintext data obtained by this is written in the data file 1 in processing 
of ST4. 
[0005] 

[Problem(s) to be Solved by the Invention]As mentioned above, if it is in encryption processing of the 
conventional plaintext data, Based on processing of the application software for document preparation, the 
plaintext data concerned developed by the main memory unit of information terminal equipment. Certainly it 
once saves at the data file 1, a result which requires time suitable in order to perform the necessary 

< it -* i ' ( i< "t j i/ . * u - it 1 

good thing can never say operativity for the user of the system concerned. 

jjOOGjThe encryption data obtained by encryption processing, It is saved uniformly for the data file 1 in 
information terminal equipment, and management of the right to access, Usually, since it is performed by 
the attribute flag of the data management part in an information-terminal-equipment device, those who do 
not have the right to access essentially can also change the right to access concerned easily only by 
rewriting of this attribute flag. For this reason, when an unauthorized use is tried for example, by the 
person expert in the composition of this kind of system, there is a danger of the theft of the encrypVc- 
data saved by that unauthorized use person at the data file 1 being carried out, or being eliminated. 
[0007]Set the preservation destination of this point, for example, encryption data, as external storages, 
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such as an outer hard disk device, and at the time of intact of a system. The external storage should be 
removed and the theft of the encryption data by an above-mentioned unauthorized use person and the 
danger of elimination should always become [ make / this / in the bottom of a regular user's management ] 
small by leaps and bounds. 

[0008]However, it is very difficult for making an external storage also under an always regular user's 
management actually. The one most effective for performing this is not practical, considering the size or 
weight, although it is that a user always carries an external storage at the time of intact of a system. 
[0009]When actually managing encryption data with an external storage, to use with no converting, without 
making a change of the hardware is desired. Since SCSI form (SCSI: Small Computer System Interface) is 
being especially standardized as a form of the interface to information terminal equipment in the field of an 
external storage, If it can do, I would like to apply this interface form as it is. 

[0010]In here, the main purposes that this invention should be solved are as follows. That is, the 1st 
purpose of this invention is to provide the possible data encryption preserving method and system unit of 
performing necessary encryption processing to the inside of a short time efficiently. 
[001l]The 2nd purpose of this invention is to provide the data encryption preserving method and system 
unit which eliminated danger by an unauthorized use person, such as a theft of encryption data, and 
elimination, by managing necessary encryption data with an external storage. 

[0012]The 3rd purpose of this invention is to provide the possible data encryption preserving method and 
system unit of managing perfectly the encryption data saved at the external storage, without always 
carrying an external storage. 

[0013]The 4th purpose of this invention is to provide the data encryption preserving method and system 
unit of SCSI form in which application to an external storage is possible. 

[0014]Other purposes of this invention will become naturally clear from the statement of each claim of a 

specification, a drawing, especially a claim. 

[0015] 

[Means for Solving the Problem]This invention constitutes a function which creates encryption data from 
plaintext data developed by main memory unit of information terminal equipment in solution of an 
aforementioned problem in a computer card (what is called a PC card) which has a user individual's 
authentication function, This computer card is made to intervene between information terminal equipment 
and an external storage, and is used, and it restricts to the time when information terminal equipment was 
equipped with that computer card, further, and has the feature of granting the right to access of an 
external storage to information terminal equipment. 

[0016]If it states to a concrete detail, when this invention adopts each new characteristic configuration 
method and means of next enumerating, by solution of the technical problem concerned, it will be 
accomplished so that said purpose may be attained. 

[001 7]Namely, preservation of plaintext data developed by main memory unit of information terminal 
equipment is faced the 1st feature of this invention method, According to predetermined configuration, set 
a preservation destination of the plaintext data concerned as an external storage, and this is changed into 
an accessible state, When saving plaintext data at an external storage which it changed into the accessible 
state concerned, In a process in which the plaintext data is transmitted to an external storage, encryption 
processing is sequentially performed to the plaintext data concerned using an enciphering key which uses a 
predetermined cryptographic algorithm and its data encryption function, While writing encryption data 
generated by this encryption processing corresponding to plaintext data in an external storage, When 
reading encryption data once written in an external storage which it changed into the accessible state 
concerned, In a process in which the encryption data is transmitted to information terminal equipment, 
decoding processing is sequentially performed to the encryption data concerned using a decode key which 
uses a predetermined cryptographic algorithm and its data decryption function, It is in composition 
adoption of a data encryption preserving method which develops plaintext data cf or, gin restored by this 
decoding processing to a main memory unit of information terminal equipment. 

[001 8]The 2nd feature of this invention method is replaced with a decode key which uses an enciphering 
key and a data decryption function to use a data encryption function of a predetermined cryptographic 
algorithm in the 1st feature of an above-mentioned this invention method, It is in composition adoption of a 
data encryption preserving method which performs encryption processing of plaintext data and decoding 
processing of encryption data using a single common key which uses each function both. 
[0019]When the 3rd feature of this invention method writes encryption data in the 1st or 2nd feature of an 
above-mentioned this invention method in an external storage. And when reading encryption data from an 
exterr a, storage, it is in composition adoption of a data encryption preserving method which performs 
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necessary interface converting according to interface form of an external storage to the encryption data 
concerned. 

[0020]The 4th feature of this invention method is in composition adoption of a data encryption preserving 
method which performs predetermined interface converting in the feature according to the SCSI form 
concerned using what adopted SCSI form without considering it as an external storage in the 3rd feature of 
an above-mentioned this invention method. 

[0021]Information terminal equipment with which the 1st feature of this invention device possesses a card 
slot on the other hand, Use it, equipping a card slot of an external storage in which access by this 
information terminal equipment is possible, and information terminal equipment, and it is used for it, 
carrying out cable connection to an external storage, Between a main memory unit of the information 
terminal equipment concerned, and an external storage, have a possible computer card of performing data 
transfer mutually, and it is constituted, A right-to-access setting-out means by which the computer card 
concerned sets up the right to access to an external storage, and makes information terminal equipment 
recognize this, A cryptographic algorithm memory measure which memorizes a cryptographic algorithm 
provided with a data encryption function and a data decryption function, An enciphering key which uses a 
data encryption function of a cryptographic algorithm memorized by this cryptographic algorithm memory 
measure, When saving plaintext data developed by main memory unit of information terminal equipment at 
an external storage in the state where the right to access concerned was set up by key accumulation 
means which accumulates a decode key which uses a data decryption function, and a right-to-access 
setting-out means, the plaintext data in a process transmitted to an external storage. Encryption 
processing is sequentially performed to the plaintext data concerned, using a cryptographic algorithm 
memorized by cryptographic algorithm memory measure and an enciphering key accumulated in a key 
accumulation means, In the state where the right to access concerned was set up by encryption 
processing means to create encryption data corresponding to plaintext data, and a right-to-access 
setting-out means, When reading encryption data once written in an external storage, the encryption data 
in a process transmitted to information terminal equipment. Using a cryptographic algorithm memorized by 
cryptographic algorithm memory measure and a decode key accumulated in a key accumulation means, 
decoding processing is sequentially performed to the encryption data concerned, and it is in composition 
adoption of a data encryption preservation system unit which has a decode processing means which 
restores the original plaintext data. 

[0022]A key accumulation means in the 1st feature of the above-mentioned this invention device the 2nd 
feature of this invention device, It is what accumulates a single common key which uses both data 
encryption functions and data decryption functions of a cryptographic algorithm that were memorized by 
cryptographic algorithm memory measure, An encryption processing means and a decode processing means 
in the feature are in composition adoption of a data encryption preservation system unit which is what 
performs encryption processing of plaintext data and decoding processing of encryption data, respectively 
using a common key accumulated in the key accumulation means concerned. 

[0023]A cryptographic algorithm memory measure which constitutes a computer card [ in / in the 3rd 
feature of this invention device / the 1st or 2nd feature of the above-mentioned this invention device ], A 
key accumulation means, an encryption processing means, and a decode processing means are in 
composition adoption of a data encryption preservation system unit in which functional constitution is 
carried out by one chip element and which changes. 

[0024]A right-to-access setting-out means in the 1st, 2nd, or 3rd feature of the above-mentioned this 
invention device the 4th feature of this invention device, The right to access concerned is automatically 
set up by wearing of a computer card to a card slot of information terminal equipment, and it is in 
composition adoption of a data encryption preservation system unit which is a thing which makes 
information terminal equipment recognize this. 

*' e '>• eat ire of this i/entioi dev ce writes encryption data in an external storage by an 
encryption processing means in the 1st, 2nd, 3rd, or 4th feature of the above-mentioned this invention 
device. And when reading encryption data from an external storage by a decode processing means, it is in 
composition adoption of a data encryption preservation system unit which has further an interface 
converting means to perform necessary interface converting according to interface form of an external 
storage. 

[0026]An external storage in the 5th feature of the above-mentioned this invention device the 6th feature 
of this invention device, SCSI form is adopted and an interface converting means in the feature is in 
ccmpcL, : uacction of a data encryption preservation system unit which is what performs r.ece 
it terface converting according to the SCSI form concerned. 
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[0027] 

[Embodiment of the Invention]Hereafter, an embodiment of the invention is described per the example of a 
device, and example of a method, referring to an accompanying drawing. 

[0028](Example of a device) First the composition of the data encryption preservation system unit 
concerning this embodiment, The information terminal equipment 11 which comprises a personal computer 
etc. as basic constitution of a system as shown in .: .. ..It has the external storage 12 which 
comprises the outer hard disk device (a usual magnetic disk drive and optical-magnetic disc equipment) 
etc. of the SCSI form in which access by this information terminal equipment 1 1 is possible. And the 
computer card 13 which the main formation parts of this invention are accomplished and can perform data 
transfer mutually between the main memory unit of the information terminal equipment 11, and the external 
storage 12, The card slot 1 1a provided in the information terminal equipment 1 1 is equipped with the end (a 
figure right end). And the other end (a figure lower end) is connected to the external storage 1 2 through 
the SCSI cable 14 (by a diagram, the SCSI cable 14 is drawn by bus form for simplification). 
[0029]In the above system configuration, the plaintext data Xa and Xb which were developed by the main 
memory unit (not shown) of the information terminal equipment 1 1, It is enciphered by the enciphering key 
Ka accumulated in the predetermined region (it mentions later for details) of the computer card 13, and 
this is transmitted to the external storage 12 through the SCSI cable 14, and is saved as the encryption 
data Ya and Yb. The encryption data Ya and Yb once saved at the external storage 12. It is transmitted to 
the computer card 13 through the SCSI cable 14, it is decoded by the decode key Kb accumulated in the 
predetermined region (it mentions later for details) of this computer card 13, and the main memory unit of 
the information terminal equipment 1 1 develops. 

[0030]The card I/F part 31 (I/F means an "interface".) which accomplishes the connector function at the 
time of equipping the card slot 1 1 a of the information terminal equipment 1 1 at the end (left end of a 
figure) to the above-mentioned computer card 13 here as shown in c % >-,._ Tithe following — it is the same 
— functional constitution of the SCSI section 32 for functional constitution being carried out, and, 
accomplishing the connector mechanism at the time of making connection with the SCSI cable 14 to the 
other end (right end of a figure) on the other hand, and performing interface converting of SCSI form 
between the external storages 1 2 of SCSI form is carried out. 

[0031 ]The control section 33 which changes from CPU (central processing unit) etc. which control overall 
operation of the computer card 13 concerned to the inside of the computer card 13 on the other hand, 
While memorizing the cryptographic algorithm provided with the data encryption function and the data 
decryption function, In the plaintext data Xa developed by the basis of control of the above-mentioned 
control section 33, and the main memory unit of the information terminal equipment 1 1, and the process in 
which Xb is transmitted to the external storage 12. Encryption processing is sequentially performed to the 
plaintext data Xa concerned and Xb, using an above-mentioned cryptographic algorithm and the 
enciphering key Ka, The encryption data Ya and Yb which created the encryption data Ya and Yb 
corresponding to this, and was once written in the external storage 1 2 in the process transmitted to the 
information terminal equipment 11. Decoding processing is sequentially performed to the encryption data 
Ya and Yb concerned, using an above-mentioned cryptographic algorithm and the decode key Kb, 
Functional constitution of the encryption and the decode key accumulating part 35 which accumulates the 
original plaintext data Xa, the cipher-processing part 34 which restores Xb, the above-mentioned 
enciphering key Ka which uses the data encryption function of a cryptographic algorithm, and the above- 
mentioned decode key Kb which uses a data decryption function is carried out. 

[0032]In addition to each above component, inside the computer card 13 concerned, While the I/F part 36 
for performing necessary interface converting between the information terminal equipment 11 is formed 
between the above-mentioned card I/F part 31 and the control section 33, Between the above-mentioned 
SCSI section 32 and the control section 33, the plaintext data Xa, Xb, and the encryption data Ya and Yb 

which are mutually sent and received between the information terminal equipment 1 1 and the external 
storage 1 2 are held temporarily, and the buffer 37 for this to aim at adjustment of a data transfer rate, etc. 
is formed. 

[0033]When the card slot 1 1a of the information terminal equipment 1 1 is equipped with the computer card 
13 of the above composition as for the above-mentioned card I/F part 31, The right to access to the 
external storage 12 is set up automatically, and it has the function for making the information terminal 
equipment 1 1 recognize this, i.e., the function for making the information terminal equipment 1 1 recognize 
actually having been equipped with the computer card 13. If it puts in another way, it will be a function for 
est ;th this function to the time when the card slot 11a was equipped with the computer card 13 
zz> se ned and permitting the right to access to the external storage 12 (when it is removed, the right to 
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access is denied). 

[0034]As mentioned above, although explained per [ concerning this embodiment ] example of a device, 
Each component 33 inside the computer card 13 mentioned above, i.e., a control section, the cipher- 
processing part 34, encryption and a decode key accumulating part 35, the I/F part 36, and the buffer 37, 
Even if it carries out functional constitution of each of that component with corresponding discrete part, it 
does not interfere, but it replaces with this and may be made to carry out functional constitution by the 
one chip element 38 which unified these each function. Since the field concerned is black-box-ized when 
the functional constitution by this one chip element 38 is adopted, it is very convenient when obtaining the 
field in which physical security is possible. 

[0035]Although two kinds of keys, the enciphering key Ka and the decode key Kb, are accumulated in 
encryption and the decode key accumulating part 35 and the data encryption function and data decryption 
function of the cryptographic algorithm which were memorized by the cipher-processing part 34 were 
explained in the above example of a device per [ which uses properly and uses two kinds of the key ] 
technique, Besides this, accumulate the possible (the proper use at the time of using both functions is 
unnecessary) single common key of using both data encryption functions and data decryption functions of 
that cryptographic algorithm, and with this common key. Of course, it is possible to make it also make the 
both sides of the necessary plaintext data Xa, encryption processing of Xb, and the decoding processing of 
the encryption data Ya and Yb perform. 

[0036]It explains per operation procedure of the example of a method applied to (the example of a method), 
next the example of a device explained above. 

[0037]In the data encryption preserving method concerning this embodiment. As shown in , , ' _ ',, in 
order to first choose the plaintext data Xa concerned and the subject equipment (in the case of this 
embodiment external storage 12) used as the preservation destination of Xb when saving the plaintext data 
Xa developed by the main memory unit of the information terminal equipment 1 1, and Xb, A SCSI address, 
i.e., the bus address in a daisy chain bus method, is chosen (ST11), and the external storage 12 concerned 
is changed into an accessible state. 

[0038]When saving the plaintext data Xa and Xb at the external storage 12 which it changed into the 
accessible state here, According to write-in directions of the data from the information terminal equipment 
11 (ST12), in the plaintext data Xa and the process in which Xb is transmitted to the external storage 12. 
The cryptographic algorithm memorized by the cipher-processing part 34 and the enciphering key Ka 
accumulated in encryption and the decode key accumulating part 35 are used, Encryption processing is 
sequentially performed to the plaintext data Xa concerned and Xb, and the encryption data Ya and Yb 
generated by this encryption processing corresponding to the plaintext data Xa and Xb is written in the 
external storage 12 (ST13). 

[0039]When reading the encryption data Ya and Yb once written in the external storage 12 which it 
changed into the accessible state on the other hand, According to the read instruction of the data from 
the information terminal equipment 11 (ST12), in the process in which the encryption data Ya and Yb is 
transmitted to the information terminal equipment 11. The cryptographic algorithm memorized by the 
cipher-processing part 34 and the decode key Kb accumulated in encryption and the decode key 
accumulating part 35 are used, Decoding processing is sequentially performed to the encryption data Ya 
and Yb concerned, and the plaintext data Xa of the origin restored by this decoding processing and Xb are 
developed to the main memory unit of the information terminal equipment 11 (ST14). 
[0040]When the enciphering key Ka and the decode key Kb were not accumulated in encryption and the 
decode key accumulating part 35, but it replaces with this and the single common key mentioned above is 
accumulated, Of course, it is made to perform the both sides of the plaintext data Xa in ST13, encryption 
processing of Xb, and the decoding processing of the encryption data Ya and Yb in ST14 using the common 
key. 

[0041]According to the data encryption preserving method as for which the above result starts this 
embodiment, the plaintext data Xa and Xb which were developed by the main memory unit of the 
information terminal equipment 1 1 , It becomes possible to save directly according to the gestalt of the 
encryption data Ya and Yb at the external storage 12 of SCSI form put under management of the user of a 
system, without once saving at the application software for document preparation. And since it is sufficient 
if this is not always carried but ** also carries only the small and lightweight computer card 13 when 
managing the external storage 12 with which the encryption data Ya and Yb was saved, the theft of the 
encryption data Ya and Yb by an unauthorized use person and the danger of elimination also disappear. 
D042]As "mentioned above, although the embodiment of the invention was described per the example of a 
device and example of a method, within limits which are net necessarily limited only to an above- 
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mentioned means and technique, attain the purpose said to this invention, and have an effect mentioned 

later, this invention can carry out change implementation suitably. 

[0043] 

[Effect of the Invention]As explained above, according to this invention, the plaintext data developed by 
the main memory unit of information terminal equipment, Without once saving at the application software 
for document preparation, It becomes possible to perform necessary encryption processing to the inside of 
a short time efficiently from the ability to save directly according to the gestalt of encryption data at 
external storages put under management of the user of a system, such as SCSI form. 
[0044]The computer card which has a user individual's authentication function is burdened with a data 
encryption and function decoding, From restricting this to the time when the card slot of information 
terminal equipment was equipped, and having granted the right to access of the external storage to 
information terminal equipment. Management of the external storage with which encryption data was saved 
is faced, If this is not always carried but only a computer card small [ ** ] and lightweight is removed and 
carried, are sufficient, As a result, it becomes possible to manage perfectly the encryption data saved at 
that external storage as data peculiar to a user at the same time the theft of the encryption data by the 
unauthorized use person of a system and the danger of elimination are eliminated. 



[Translation done.] 
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